Posted
by
kdawson
on Sunday October 29, 2006 @03:22PM
from the play-nicely-now dept.

An anonymous reader writes, "I just tried a Google Image Search in IE7 for the first time. Whenever I click on an image, my browser tells me in big bold letters, "This is a reported phishing website." Try it yourself: make sure automatic phishing detection is turned on and do an (adorable) image search; click on one of the result thumbnails. MSN Live Image Search has no such issues. Insert Microsoft evil conspiracy theory here." I get this behavior under IE7, Win XP Pro, SP2, Parallels, Mac OS X.

Remember, the phishing filter that IE uses is "live". If a new site becomes a phishing site, MS can address it on their servers immediately. If a site is mislabeled, MS can fix that immediately. There's no definitions being downloaded, it's all server side.

I've watched the phenomena happen live. Like many of us, I've tutored beginning and novice users on specific apps and general OS tasks. Maybe it's just the run of numbers, but some people, in spite of my instructions, will want to click on the button that gets them the furthest from their goal.

I've also witnessed something a little more, well, let's just say metaphysical. A couple people I know seem to make computers crash or operate unpredictably. Anywhere from full-on crashes (on say, my computer that n

I've been called out at 4am in the morning because an important machine had lost all of its passwords and wouldn't allow anybody to access it causing a delay costing 10's of 1000's of $ for each hour it was down.

Try it yourself: make sure automatic phishing detection is turned on and do an (adorable) image search; click on one of the result thumbnails.I wonder how many slashdotters this "AC" will trick into installing IE7...

Its obviously not in their interest to incorrectly block google images. All it will do is make people not trust the phishing stuff, and turn it off. Incomptent maybe, but they aren't stupid enough to think that people would just stop using google images when they get blocked and use msn instead.

All it will do is make people not trust the phishing stuff, and turn it off.

I am less than happy about Microsoft monitoring my surfing habits under the guise of phishing prevention. I wonder how long before that information will be used against me by the MPAA or the RIAA, since Microsoft is in bed with those associations already.

Guys, can't you see it, this article is a cunning plot by the Evil Empire to produce 3,000/. posts saying "IE7 is fine"? How devious can you get? Stick to Firefox, and then you'll never get suckered like this!

You may be trying to be funny, but happened something like that with a slashdot article on one guy criticizing wga and later saying "oopsie, my fault". And i had anticipated it, too. read comment, story [slashdot.org] and then... Tinfoil hat working great [slashdot.org] And look how anti-tinfoil M$ brigade is already modding you down:)

That's Problem Exists Between Keyboard And Chair for those that haven't see the acronym. I have XP SP2 here and IE7 is in a basically default state since I use FF. Tried GIS and explicitly asked it to check and it reports "this is not a phishing webstie". It says that both for the main GIS page and after I did an actual search.

Remember folks: FUD, it's not just from MS anymore!

Seriously I wish people would stop with the crap but I really wish/. would not post things like this without verification.

(I know I know, replying to your own posts is bad form) my bet is that Google returned an image that was on a suspected phishing site. When you click on an image, Google actually sends you to that site. Thus if it's a phishing site, well that'd set IE7 off. That would be the browser operating as it should, so I still stand by my original diagnosis. The user is the problem, they fail to understand how the Internet works and ascribe it to MS conspiracy.

Does PEBKAC include you not reading the description of the problem? He wasn't talking about the main page, or the search page. He was talking about the two-frame page you get after clicking on a single search result, the one with the image and 'see see full size' link at the top, and the source page at the bottom.

It's the FOX question mark, as explained by Jon Stewart a few weeks ago. As in, "Hillary Clinton Photographed Sacrificing Babies to Satan?" or "Your Mother's a Whore?" (Seriously, they do it a lot. Mr. Stewart speculated, quite possibly correctly, that the question mark is a cover-your-ass manuver. Actually, not just FOX, but they do appear to be the masters of it.)

...the URL and query string and hence everything you are Googling for being passed to Microsoft's servers. Think of all those Google searches (and the following immediate clicks) Microsoft could extrapolate and use to improve their own search engine...

No. According to MSDN, only URLs that are not common are sent to the Microsoft server for verification. This list of not-common URLs sit on your machine, and even then only the base of the URL is sent to Microsoft for analysis.

Phishing Filter does not check every URL on the Microsoft server. It only sends those which are not on a known list of OK sites or those that appear suspicious based on heuristics. If an URL is checked on the Microsoft server, first the URL is stripped down to the path to help remove personal information, then the remaining URL is sent over a secure SSL connection. The communication with the Microsoft server is done asynchronously so that there is little to no effect on your browsing experience.

So, for example, if you were to visit http://www.msn.com/ [msn.com] nothing will be checked on the Microsoft server because "msn.com" and other major websites are on the client-side list of OK sites. However, let's say the URL looked like this: http://207.68.172.246/result.aspx?u=Tariq&p=Tariq [207.68.172.246]' sPassword, in this scenario phishing filter will remove the query string to help protect my privacy but it will send "http://207.68.172.246/result.aspx" to be checked by the Microsoft Server because 207.68.172.246 is not on the allow list of OK sites. As it turns out, 207.68.172.246 is just the IP address of MSN.com server, so its not a phishing site but this example should help you understand more about how Phishing Filter checks sites on the server.

Of course that's no disproof of the conspiracy, as long as neither the list of good sites, nor the heuristics is published. After all, the heuristics could contain "if it starts with http://www.google./ [www.google.] it's suspicious." (This could be justified by the fact that you might view a phishing site through Google cache).

But like every good conspiracy theory, it could be immunized even against publishing of this information: Who knows if the published algorithm really matches the one implemented in IE7? After all,

They can track every non-main stream website you go to. Which is, you know, probably EXACTLY WHAT THEY* WANT. This is just pre-filtering and data-massaging built into the computer being spied upon. Sounds really convinient really.

With a big fat dialog, that says "This URL will be sent to Microsoft". With option to cancel. With no mandatory option to check all URLs (unless you say that you want to). In other words, yeah, if you say "Do that automatically" it will do exactly what you asked it to. Duh

With a big fat dialog, that says "This URL will be sent to Microsoft". With option to cancel. With no mandatory option to check all URLs (unless you say that you want to). In other words, yeah, if you say "Do that automatically" it will do exactly what you asked it to. Duh

And what percentage of the computer using population has no idea what is meant by the warning? But if it is getting sent to M$ it must be OK. M$ could warn "by clicking on this you authorize Microsoft to enable you to take advantage of t

I can't believe this was posted without a screenshot! Sheesh!
What does NOT work fine and IS worthy of Slashdot is the fact that most MS apps open websites up in IE regardless of the fact that Firefox is my default browser.

After reading this article, I used IE7 to go to a website that wanted to install the Flash 9 ActiveX control (actually, I went to several) and then got tired of it asking me to install one when I didn't want to every time I hit certain web pages, so I looked in help to see how to turn it off. Now here's the confusing part:Apparently, to disable information bar prompting, you have to *enable* automatic prompting for several different types of prompts in the security settings property sheet. I tried one, an

I'm assuming you're saying you just don't want to run Flash, since otherwise you REALLY don't want to be using an outdated version of the player (security issues). Best solution I've found: Install Flash player, then disable it. You can disable it (IE-wide global switch) using the Add-In Manager (you can reach this from the Tools comand bar icon, or by double clicking a spot on the Status bar - I think there's s tooltip that appears when your mouse is over the Add-In Manager) and flash will then just not lo

This is a slow news day isn't it? Still, kitten searches are all good.

Look, somebody probably reported the Google Images header as a phishing website. Microsoft have probably since removed it from their phishing database. I'm sure they're refining the phishing technology so that websites require multiple reports before they enter the phishing database as we speak.

A good example when someone who has found anything in IE7 gets a headlight... even without checking. Either due to frames or not replicable by anyone but the author.. still.. OMG... its an IE7 error.. so it's got to be posted! Talk about conspiracy theries

You people are implying/. editors don't try a simple google search before top-posting the story. COME ON EDITORS! TELL THE WORLD YOU DID CHEck... what? nevermind....
Seriously, the phishing report is built in or depends on connecting to mother m$? in the second case you're just making assumptions. You anti-anti-microsoft zealots.

Is it possible that you went to click on an image, but instead of sending you an image, it sent you re-directed HTML? You can all point and laugh at me for admitting this if you like, but this often happens to me with porn searches. You get this really nice thumbnail that claims to be a good res, then ya click on it, and instead of being met with a nice high-res image you're met with a web page saying "Gimme a credit card number!" Is it possible that IE7 has protection against this? Is this considered a

It is all FUD. Some of the images of "adorable kittens" were from phishing sites (BTW, now all my personal info is fished out, since I your search in Firefox), and Microsoft took good care of you.

The alternative explanation would be that Microsoft is unscrupulous software monopoly that could not compete honestly for a single day of its stinking existence, but, hay, that would be totally untrue, right?

1) Post unsubstantiated story regarding any Microsoft product malfunctioning.2) Slashdot engine automatically posts3) you know the rest.I've been reading slashdot for so very long now, it's almost like an addiction, but i think it's finally time i erased my bookmark.

I have to admit though i'm pleased that, at the current time, the kneejerk reaction so typical of the slashdot community hasn't fired yet.

Believe it or not the editor probably did check this. If you notice the bit "I get this behavior under IE7, Win XP Pro, SP2, Parallels, Mac OS X." is outside of the quote of the submitter this implies the editor did check and seen the same results.

As for why it doesn't work now, that's obvious, as soon as the mistake was spotted Microsoft would have fixed it. They'd have got sued by Google if they were incorrectly labelled as a phishing site and it turned out MS weren't going to rectify this.

I searched on pictures of rabbits (no reason - a random word) and got pictures of little bunnies. Perhaps you were searching for something more adult...

As other people here were saying, perhaps you hit on a site(s) that MS had just had reported as a suspect site. Alternatively, perhaps MS had a fault on a server somewhere. That last one may seem like a long shot. I mean, everyone here can attest to their reliability!

...been using it at work to find images on occasion for a looooong time now and never had this happen.

Probably related to multiple phishing links being promulgated by links from Google. Something they'll surely look to fix as this will happen with MSN and other sites as they get more usage (Google's always the big one.)

This is why when it asks you if you want anti-phishing support turned on, you say no, only when requested:D

Whether or not microsoft use the data they could potentially be collecting is one thing, but providing this service without you sending data to their servers (in the form of a query, from your IP address), is impossible.

One could argue that all of the cddb databases out there are tracking your music listening habits, but no one seems to be up in arms about that:D